Hard to say. I had the SA account failing log in's every time a user got into an app. didn't show in the DC event or the workstation event just the Error log of SQL. So I ran the SQL Profiler and found the computer that was failing the log in. Mostly because I thought I might have a mouse in my pudding but found it was just a bad ODBC settings. Dropped and add the ODBC connection and magically the app started worked (Not reported as an issue from the user) and the login failures stopped.
----- Original Message ----- From: Tim Evans To: NT System Admin Issues Sent: Thursday, May 15, 2008 1:14 PM Subject: RE: account lockout Thanks, I'll have our DBA give that a try and let you know how it goes. Is it correct that these failed logons wouldn't show up in the DC's security logs if I'm auditing logon failures? .Tim From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Thursday, May 15, 2008 9:55 AM To: NT System Admin Issues Subject: Re: account lockout Run a SQL profiler trace and audit log on's for that account. You can even audit log on failures. This should give you the process that is screwing you up. ----- Original Message ----- From: Tim Evans To: NT System Admin Issues Sent: Thursday, May 15, 2008 12:49 PM Subject: RE: account lockout BTW, Its Windows 2003 server Forest and Domain functional level .Tim From: Tim Evans [mailto:[EMAIL PROTECTED] Sent: Thursday, May 15, 2008 9:45 AM To: NT System Admin Issues Subject: account lockout We've got a domain service account that is repeatedly getting locked out, but I'm not getting any 644 or 529 events in the DC security logs for that account. I've also run the built in Account Lockouts search in EventCombNT and come up empty. I'm pretty sure it is some kind of a scheduled job that is doing it, but finding it is proving challenging. If it helps any, it's a SQL Server service account and it runs many SQL queries. Any ideas how I can find what is locking out this account? Tim Evans Associate, IT Manager S P A R L I N G 206/667-0509-Direct www.sparling.com ______________________________________________________ This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ______________________________________________________ This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
